I am working in an AD domain with a single DC running Windows Server 2012 R2. On the domain's network (though not formally domain-joined) is a LAMP web server running Ubuntu Server 14.04.3 LTS. All machines are able to reach one another by both IP address and DNS record, and the LAMP stack is (as far as I can tell) appropriately configured; HTTP requests are served as expected.

The aim is to set up an instance of MediaWiki on the LAMP server. Moreover, MediaWiki should - using Ryan Lane's excellent extension LdapAuthenticate - contact the AD DC to authenticate user logins.

I have tried to follow setup instructions as closely to the book as possible. LAMP installation is mostly taken care of by the Ubuntu Server installer, and I additionally install via apt-get the packages php5-intl php5-gd texlive php5-xcache imagemagick mediawiki mediawiki-math and their dependencies. line in /etc/mediawiki/nf, run the commands a2enconf mediawiki and php5enmod mcrypt, and lastly install the LdapAuthenticate MediaWiki extension according to tutorials at the author's website.

Appended to my /etc/mediawiki/LocalSettings.php are:

```php
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
require_once("$IP/extensions/LdapAuthentication/LdapAuthentication.php");
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPServerNames = array("MYDOMAIN" => "");
$wgLDAPSearchStrings = array("MYDOMAIN" => = array("MYDOMAIN" => "tls")
```

I next add the AD DC's self-signed CA certificate to /etc/ssl/certs on the LAMP server, run c_rehash, and restart everything.

At this point I am able to get into MediaWiki and navigate to the login form no problem. The login form shows MYDOMAIN, and PHP reports no errors - the LdapAuthentication plugin looks good to go.

When I try to login using an AD credential set, however, MediaWiki reports a wrong password. A PHP error on the web page reports that PHP was unable to start TLS (Warning: ldap_start_tls(): Unable to start TLS: Connect error in.), and this same message is reconfirmed by the LdapAuthentication plugin's debug log which I set earlier to /tmp/debug.log.

Looking now at the AD DC, I note the following event in the system log:

Error from Schannel, Event ID 36874
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server.

This error coincides with repeated attempts to authenticate user logins on MediaWiki with AD via LDAP.

I don't know enough about managing cipher suites to approach resolving this issue.
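
Schannel event 36874, quoted in the post, means the cipher suite list in the client's ClientHello has no overlap with the suites enabled on the DC. The following Python code is an added example, not part of the original post: it extracts the offered suites from a raw ClientHello record (for instance one exported from a packet capture of the StartTLS handshake) and intersects them with a server-side list. The sample record, the server list and the function names are constructed for illustration and do not describe the poster's machines.

```python
import struct

# Subset of the IANA TLS cipher suite registry (real IDs, not a complete list).
SUITE_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def offered_suites(record: bytes) -> list[int]:
    """Return the cipher suite IDs offered in one raw TLS ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    # Skip record header (5), handshake header (4), version (2), random (32), session_id.
    pos = 43 + 1 + record[43]
    if pos + 2 > len(record):
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("truncated or malformed cipher_suites vector")
    return [c for (c,) in struct.iter_unpack("!H", record[pos:pos + n])]

def shared_suites(record: bytes, server_enabled: set[int]) -> list[str]:
    """Suites both sides support, in client preference order; empty means no overlap."""
    return [SUITE_NAMES.get(c, f"0x{c:04X}") for c in offered_suites(record) if c in server_enabled]

def build_client_hello(suites: list[int]) -> bytes:
    """Constructed sample input: minimal TLS 1.2 ClientHello without extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00"            # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                 # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed inputs: a client offering only DHE suites, a server with none of them enabled.
CLIENT_HELLO = build_client_hello([0x009F, 0x009E])
SERVER_ENABLED = {0xC030, 0xC02F, 0x0035, 0x002F}

if __name__ == "__main__":
    print(shared_suites(CLIENT_HELLO, SERVER_ENABLED) or "no shared cipher suite")
```

An empty result corresponds to the condition Schannel logs as event 36874.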